This is a report that should contain comprehensive information about the web application. It should be reviewed by a team member. This scan is meant to be run periodically and is meant to be the longest of all the scans.

Generated on Mon, 29 Jan 2024 12:59:13

ZAP Version: 2.13.0

Summary of Alerts

Risk Level Number of Alerts
High 2
Medium 5
Low 4

Passing Rules

Name Rule Type Threshold Strength
Directory Browsing Active LOW HIGH
CRLF Injection Active LOW HIGH
Path Traversal Active LOW HIGH
Remote File Inclusion Active LOW HIGH
Parameter Tampering Active LOW HIGH
Server Side Include Active LOW HIGH
GET for POST Active LOW HIGH
Cross Site Scripting (Reflected) Active LOW HIGH
Cross Site Scripting (Persistent) Active LOW HIGH
Script Active Scan Rules Active LOW HIGH
Cross Site Scripting (Persistent) - Prime Active LOW HIGH
Cross Site Scripting (Persistent) - Spider Active LOW HIGH
SQL Injection - MySQL Active LOW HIGH
SQL Injection - Hypersonic SQL Active LOW HIGH
SQL Injection - Oracle Active LOW HIGH
SQL Injection - PostgreSQL Active LOW HIGH
SQL Injection - SQLite Active LOW HIGH
Cross Site Scripting (DOM Based) Active LOW HIGH
SQL Injection - MsSQL Active LOW HIGH
Trace.axd Information Leak Active LOW HIGH
XSLT Injection Active LOW HIGH
.htaccess Information Leak Active LOW HIGH
.env Information Leak Active LOW HIGH
Server Side Code Injection Active LOW HIGH
Hidden File Finder Active LOW HIGH
XPath Injection Active LOW HIGH
Remote OS Command Injection Active LOW HIGH
XML External Entity Attack Active LOW HIGH
Generic Padding Oracle Active LOW HIGH
Spring Actuator Information Leak Active LOW HIGH
SOAP Action Spoofing Active LOW HIGH
Log4Shell Active LOW HIGH
SOAP XML Injection Active LOW HIGH
Spring4Shell Active LOW HIGH
Heartbleed OpenSSL Vulnerability Active LOW HIGH
Buffer Overflow Active LOW HIGH
Source Code Disclosure - CVE-2012-1823 Active LOW HIGH
Format String Error Active LOW HIGH
Server Side Template Injection Active LOW HIGH
Remote Code Execution - CVE-2012-1823 Active LOW HIGH
External Redirect Active LOW HIGH
Server Side Template Injection (Blind) Active LOW HIGH
User Agent Fuzzer Active LOW HIGH
Source Code Disclosure - /WEB-INF folder Active LOW HIGH
Session Management Response Identified Passive MEDIUM -
Verification Request Identified Passive MEDIUM -
Insecure JSF ViewState Passive MEDIUM -
Vulnerable JS Library (Powered by Retire.js) Passive MEDIUM -
Charset Mismatch Passive MEDIUM -
Cookie No HttpOnly Flag Passive MEDIUM -
Cookie Without Secure Flag Passive MEDIUM -
Re-examine Cache-control Directives Passive MEDIUM -
Content-Type Header Missing Passive MEDIUM -
Application Error Disclosure Passive MEDIUM -
Information Disclosure - Debug Error Messages Passive MEDIUM -
Information Disclosure - Sensitive Information in URL Passive MEDIUM -
Information Disclosure - Sensitive Information in HTTP Referrer Header Passive MEDIUM -
Information Disclosure - Suspicious Comments Passive MEDIUM -
Open Redirect Passive MEDIUM -
Cookie Poisoning Passive MEDIUM -
User Controllable Charset Passive MEDIUM -
User Controllable HTML Element Attribute (Potential XSS) Passive MEDIUM -
WSDL File Detection Passive MEDIUM -
Loosely Scoped Cookie Passive MEDIUM -
Viewstate Passive MEDIUM -
Directory Browsing Passive MEDIUM -
Heartbleed OpenSSL Vulnerability (Indicative) Passive MEDIUM -
Strict-Transport-Security Header Passive MEDIUM -
HTTP Server Response Header Passive MEDIUM -
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) Passive MEDIUM -
X-Backend-Server Header Information Leak Passive MEDIUM -
Secure Pages Include Mixed Content Passive MEDIUM -
HTTP to HTTPS Insecure Transition in Form Post Passive MEDIUM -
HTTPS to HTTP Insecure Transition in Form Post Passive MEDIUM -
User Controllable JavaScript Event (XSS) Passive MEDIUM -
Big Redirect Detected (Potential Sensitive Information Leak) Passive MEDIUM -
Retrieved from Cache Passive MEDIUM -
X-ChromeLogger-Data (XCOLD) Header Information Leak Passive MEDIUM -
Cookie without SameSite Attribute Passive MEDIUM -
CSP Passive MEDIUM -
X-Debug-Token Information Leak Passive MEDIUM -
Username Hash Found Passive MEDIUM -
X-AspNet-Version Response Header Passive MEDIUM -
PII Disclosure Passive MEDIUM -
Script Passive Scan Rules Passive MEDIUM -
Stats Passive Scan Rule Passive MEDIUM -
Absence of Anti-CSRF Tokens Passive MEDIUM -
Hash Disclosure Passive MEDIUM -
Weak Authentication Method Passive MEDIUM -
Reverse Tabnabbing Passive MEDIUM -
Modern Web Application Passive MEDIUM -
Authentication Request Identified Passive MEDIUM -

Sites

http://cdnjs.cloudflare.com

HTTP Response Code Number of Responses

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values

http://localhost:3000

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values
cookieconsent_status Cookie - 727 1
language Cookie - 1349 1
welcomebanner_status Cookie - 932 1
EIO URL - 287 1
name URL - 114 1
q URL - 57 1
sid URL - 230 57
t URL - 230 229
transport URL - 287 2
Accept-Ranges Header - 786 1
Access-Control-Allow-Origin Header - 1474 1
Cache-Control Header - 786 1
Connection Header - 1761 2
Content-Length Header - 937 40
Content-Type Header - 937 14
Date Header - 1704 50
ETag Header - 1473 36
Feature-Policy Header - 1474 1
Keep-Alive Header - 1704 1
Last-Modified Header - 786 3
Sec-WebSocket-Accept Header - 57 57
Upgrade Header - 57 1
Vary Header - 541 1
X-Content-Type-Options Header - 1474 1
X-Frame-Options Header - 1474 1
X-Recruiting Header - 1474 1

Alert Detail

High
Cloud Metadata Potentially Exposed
Description
The Cloud Metadata Attack attempts to abuse a misconfigured NGINX server in order to access the instance metadata maintained by cloud service providers such as AWS, GCP and Azure.

All of these providers provide metadata via an internal unroutable IP address '169.254.169.254' - this can be exposed by incorrectly configured NGINX servers and accessed by using this IP address in the Host header field.
URL http://localhost:3000/latest/meta-data/?EIO=4&transport=polling&t=OrL4by4&sid=34iAG4GjvvSpWqWdAABw
Method POST
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 456 bytes.
Request Body - size: 2 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
Instances 1
Solution
Do not trust any user data in NGINX configs. In this case it is probably the use of the $host variable which is set from the 'Host' header and can be controlled by an attacker.
Reference https://www.nginx.com/blog/trust-no-one-perils-of-trusting-user-input/
Tags OWASP_2021_A05
OWASP_2017_A06
CWE Id
WASC Id
Plugin Id 90034
High
SQL Injection - SQLite
Description
SQL injection may be possible.
URL http://localhost:3000/rest/products/search?q=%27%28
Method GET
Parameter q
Attack '(
Evidence SQLITE_ERROR
Request Header - size: 326 bytes.
Request Body - size: 0 bytes.
Response Header - size: 362 bytes.
Response Body - size: 309 bytes.
URL http://localhost:3000/api/Challenges/?name=Score%20Board
Method GET
Parameter name
Attack case randomblob(100000) when not null then 1 else 1 end
Evidence The query time is controllable using parameter value [case randomblob(100000) when not null then 1 else 1 end ], which caused the request to take [305] milliseconds, parameter value [case randomblob(100000) when not null then 1 else 1 end ], which caused the request to take [305] milliseconds, when the original unmodified query with value [Score Board] took [148] milliseconds.
Request Header - size: 378 bytes.
Request Body - size: 0 bytes.
Response Header - size: 384 bytes.
Response Body - size: 30 bytes.
URL http://localhost:3000/rest/products/search?q=
Method GET
Parameter q
Attack ' | case randomblob(1000000) when not null then "" else "" end | '
Evidence The query time is controllable using parameter value [' | case randomblob(1000000) when not null then "" else "" end | '], which caused the request to take [507] milliseconds, parameter value [' | case randomblob(1000000) when not null then "" else "" end | '], which caused the request to take [507] milliseconds, when the original unmodified query with value [] took [125] milliseconds.
Request Header - size: 406 bytes.
Request Body - size: 0 bytes.
Response Header - size: 384 bytes.
Response Body - size: 30 bytes.
Instances 3
Solution
Do not trust client side input, even if there is client side validation in place.

In general, type check all data on the server side.

If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'

If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.

If database Stored Procedures can be used, use them.

Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!

Do not create dynamic SQL queries using simple string concatenation.

Escape all data received from the client.

Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.

Apply the principle of least privilege by using the least privileged database user possible.

In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.

Grant the minimum database access that is necessary for the application.
Reference https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
Tags OWASP_2021_A03
WSTG-v42-INPV-05
OWASP_2017_A01
CWE Id 89
WASC Id 19
Plugin Id 40018
Medium
Content Security Policy (CSP) Header Not Set
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL http://localhost:3000
Method GET
Parameter
Attack
Evidence
Request Header - size: 117 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/
Method GET
Parameter
Attack
Evidence
Request Header - size: 346 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 151 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 130 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 135 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 133 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 132 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.svn/entries
Method GET
Parameter
Attack
Evidence
Request Header - size: 130 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.svn/wc.db
Method GET
Parameter
Attack
Evidence
Request Header - size: 128 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/assets/public/images/hackingInstructor.png
Method GET
Parameter
Attack
Evidence
Request Header - size: 382 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/ftp
Method GET
Parameter
Attack
Evidence
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 338 bytes.
Response Body - size: 11,052 bytes.
URL http://localhost:3000/sitemap.xml
Method GET
Parameter
Attack
Evidence
Request Header - size: 129 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4RpG&sid=9ecwW0Eq3wTCvLrNAAAA
Method POST
Parameter
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Stu&sid=gGwJsk6BFC7vI5ZOAAAE
Method POST
Parameter
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4SU4&sid=O16VfhM8Z6RvIAyXAAAC
Method POST
Parameter
Attack
Evidence
Request Header - size: 448 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4TK1&sid=6djhcW4StIW8JIqqAAAG
Method POST
Parameter
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Tqi&sid=DKMGzw9n11lbALczAAAI
Method POST
Parameter
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UN1&sid=zf9bv1dtHDh6IoXYAAAK
Method POST
Parameter
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UsM&sid=ltqX-LrpW5-_vRePAAAM
Method POST
Parameter
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
Instances 19
Solution
Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
Reference https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
http://www.w3.org/TR/CSP/
http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html
http://www.html5rocks.com/en/tutorials/security/content-security-policy/
http://caniuse.com/#feat=contentsecuritypolicy
http://content-security-policy.com/
Tags OWASP_2021_A05
OWASP_2017_A06
CWE Id 693
WASC Id 15
Plugin Id 10038
Medium
Cross-Domain Misconfiguration
Description
Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.
URL http://localhost:3000
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 117 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 346 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 151 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/index
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 128 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/main.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 130 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/polyfills.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 135 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/runtime.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 133 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/styles.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 133 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/vendor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 132 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.svn/entries
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 130 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.svn/wc.db
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 128 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 146 bytes.
Request Body - size: 0 bytes.
Response Header - size: 456 bytes.
Response Body - size: 15,086 bytes.
URL http://localhost:3000/ftp
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 338 bytes.
Response Body - size: 11,052 bytes.
URL http://localhost:3000/main.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 125 bytes.
Request Body - size: 0 bytes.
Response Header - size: 483 bytes.
Response Body - size: 399,748 bytes.
URL http://localhost:3000/polyfills.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 130 bytes.
Request Body - size: 0 bytes.
Response Header - size: 481 bytes.
Response Body - size: 54,478 bytes.
URL http://localhost:3000/rest/admin/application-configuration
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 386 bytes.
Request Body - size: 0 bytes.
Response Header - size: 306 bytes.
Response Body - size: 0 bytes.
URL http://localhost:3000/robots.txt
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 128 bytes.
Request Body - size: 0 bytes.
Response Header - size: 378 bytes.
Response Body - size: 28 bytes.
URL http://localhost:3000/runtime.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 277 bytes.
Request Body - size: 0 bytes.
Response Header - size: 479 bytes.
Response Body - size: 3,210 bytes.
URL http://localhost:3000/sitemap.xml
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 129 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/styles.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 128 bytes.
Request Body - size: 0 bytes.
Response Header - size: 469 bytes.
Response Body - size: 609,583 bytes.
URL http://localhost:3000/vendor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 127 bytes.
Request Body - size: 0 bytes.
Response Header - size: 485 bytes.
Response Body - size: 1,376,624 bytes.
Instances 21
Solution
Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).

Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.
Reference https://vulncat.fortify.com/en/detail?id=desc.config.dotnet.html5_overly_permissive_cors_policy
Tags OWASP_2021_A01
OWASP_2017_A05
CWE Id 264
WASC Id 14
Plugin Id 10098
Medium
ELMAH Information Leak
Description
The Error Logging Modules and Handlers (ELMAH [elmah.axd]) HTTP Module was found to be available. This module can leak a significant amount of valuable information.
URL http://localhost:3000/elmah.axd
Method GET
Parameter
Attack
Evidence HTTP/1.1 200 OK
Request Header - size: 328 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
Instances 1
Solution
Consider whether or not ELMAH is actually required in production, if it isn't then disable it. If it is then ensure access to it requires authentication and authorization. See also: https://elmah.github.io/a/securing-error-log-pages/
Reference https://www.troyhunt.com/aspnet-session-hijacking-with-google/
https://www.nuget.org/packages/elmah
https://elmah.github.io/
Tags OWASP_2021_A05
WSTG-v42-CONF-05
OWASP_2017_A06
CWE Id 94
WASC Id 14
Plugin Id 40028
Medium
Missing Anti-clickjacking Header
Description
The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4RpG&sid=9ecwW0Eq3wTCvLrNAAAA
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Stu&sid=gGwJsk6BFC7vI5ZOAAAE
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4SU4&sid=O16VfhM8Z6RvIAyXAAAC
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 448 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4TK1&sid=6djhcW4StIW8JIqqAAAG
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Tqi&sid=DKMGzw9n11lbALczAAAI
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UN1&sid=zf9bv1dtHDh6IoXYAAAK
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UsM&sid=ltqX-LrpW5-_vRePAAAM
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Vjw&sid=RsjrP2HGqgnYSxj_AAAQ
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 478 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4VuS&sid=_tekuTMoNqvJtWdgAAAS
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 448 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4VZX&sid=UqmxTtjL59XSTAzbAAAO
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4W3H&sid=bTvCGmKSgRqTGki_AAAU
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 478 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4WEw&sid=JDAQkA_AqnM81AH1AAAW
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 448 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Wha&sid=EX_vNXE5WbT8GU-uAAAa
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 478 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4WKK&sid=5lNebDDXaXzsKYciAAAX
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Wun&sid=skAHIAfGWhhc01I8AAAc
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Xat&sid=41XiSQzeazsqPataAAAj
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 478 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4XKd&sid=Jt44Ii_7UcaPxJX3AAAe
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 478 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4XPa&sid=17ZKXlwdo3lYd7VAAAAg
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 508 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4XZq&sid=_1g8FG-BDpPPQuh5AAAi
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Y3l&sid=6zTVVmsWU6JCBC89AAAm
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 508 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Y_8&sid=_ByaZ3rC64vmP_JYAAAv
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4YFO&sid=-ujRZwrf-pE3EA3GAAAo
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Ykb&sid=5FkZICSyVJ2Z7O5EAAAs
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 508 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4YTB&sid=7H0k0hGLotuG1XVcAAAq
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 478 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4YuL&sid=r8_01s-Z4s2KM8S8AAAu
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 508 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Z6I&sid=ClSMmn7AyVgIxUqkAAAz
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 448 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Z6Z&sid=q_6H6gxAJ6wVnJ1XAAAy
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 478 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
Instances 27
Solution
Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.

If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
Tags OWASP_2021_A05
WSTG-v42-CLNT-09
OWASP_2017_A06
CWE Id 1021
WASC Id 15
Plugin Id 10020
Medium
Session ID in URL Rewrite
Description
URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4RpH&sid=9ecwW0Eq3wTCvLrNAAAA
Method GET
Parameter sid
Attack
Evidence 9ecwW0Eq3wTCvLrNAAAA
Request Header - size: 336 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 53 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4RqW&sid=9ecwW0Eq3wTCvLrNAAAA
Method GET
Parameter sid
Attack
Evidence 9ecwW0Eq3wTCvLrNAAAA
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Stv&sid=gGwJsk6BFC7vI5ZOAAAE
Method GET
Parameter sid
Attack
Evidence gGwJsk6BFC7vI5ZOAAAE
Request Header - size: 336 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4SU5&sid=O16VfhM8Z6RvIAyXAAAC
Method GET
Parameter sid
Attack
Evidence O16VfhM8Z6RvIAyXAAAC
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4SUa&sid=O16VfhM8Z6RvIAyXAAAC
Method GET
Parameter sid
Attack
Evidence O16VfhM8Z6RvIAyXAAAC
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4SvO&sid=gGwJsk6BFC7vI5ZOAAAE
Method GET
Parameter sid
Attack
Evidence gGwJsk6BFC7vI5ZOAAAE
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4TK3&sid=6djhcW4StIW8JIqqAAAG
Method GET
Parameter sid
Attack
Evidence 6djhcW4StIW8JIqqAAAG
Request Header - size: 336 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4TLC&sid=6djhcW4StIW8JIqqAAAG
Method GET
Parameter sid
Attack
Evidence 6djhcW4StIW8JIqqAAAG
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Tqk&sid=DKMGzw9n11lbALczAAAI
Method GET
Parameter sid
Attack
Evidence DKMGzw9n11lbALczAAAI
Request Header - size: 336 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Trf&sid=DKMGzw9n11lbALczAAAI
Method GET
Parameter sid
Attack
Evidence DKMGzw9n11lbALczAAAI
Request Header - size: 336 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UN3&sid=zf9bv1dtHDh6IoXYAAAK
Method GET
Parameter sid
Attack
Evidence zf9bv1dtHDh6IoXYAAAK
Request Header - size: 336 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UO9&sid=zf9bv1dtHDh6IoXYAAAK
Method GET
Parameter sid
Attack
Evidence zf9bv1dtHDh6IoXYAAAK
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UsM.0&sid=ltqX-LrpW5-_vRePAAAM
Method GET
Parameter sid
Attack
Evidence ltqX-LrpW5-_vRePAAAM
Request Header - size: 338 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=websocket&sid=6djhcW4StIW8JIqqAAAG
Method GET
Parameter sid
Attack
Evidence 6djhcW4StIW8JIqqAAAG
Request Header - size: 470 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=websocket&sid=9ecwW0Eq3wTCvLrNAAAA
Method GET
Parameter sid
Attack
Evidence 9ecwW0Eq3wTCvLrNAAAA
Request Header - size: 470 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=websocket&sid=DKMGzw9n11lbALczAAAI
Method GET
Parameter sid
Attack
Evidence DKMGzw9n11lbALczAAAI
Request Header - size: 470 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=websocket&sid=gGwJsk6BFC7vI5ZOAAAE
Method GET
Parameter sid
Attack
Evidence gGwJsk6BFC7vI5ZOAAAE
Request Header - size: 470 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=websocket&sid=ltqX-LrpW5-_vRePAAAM
Method GET
Parameter sid
Attack
Evidence ltqX-LrpW5-_vRePAAAM
Request Header - size: 470 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=websocket&sid=O16VfhM8Z6RvIAyXAAAC
Method GET
Parameter sid
Attack
Evidence O16VfhM8Z6RvIAyXAAAC
Request Header - size: 491 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=websocket&sid=zf9bv1dtHDh6IoXYAAAK
Method GET
Parameter sid
Attack
Evidence zf9bv1dtHDh6IoXYAAAK
Request Header - size: 470 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4RpG&sid=9ecwW0Eq3wTCvLrNAAAA
Method POST
Parameter sid
Attack
Evidence 9ecwW0Eq3wTCvLrNAAAA
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Stu&sid=gGwJsk6BFC7vI5ZOAAAE
Method POST
Parameter sid
Attack
Evidence gGwJsk6BFC7vI5ZOAAAE
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4SU4&sid=O16VfhM8Z6RvIAyXAAAC
Method POST
Parameter sid
Attack
Evidence O16VfhM8Z6RvIAyXAAAC
Request Header - size: 448 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4TK1&sid=6djhcW4StIW8JIqqAAAG
Method POST
Parameter sid
Attack
Evidence 6djhcW4StIW8JIqqAAAG
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Tqi&sid=DKMGzw9n11lbALczAAAI
Method POST
Parameter sid
Attack
Evidence DKMGzw9n11lbALczAAAI
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UN1&sid=zf9bv1dtHDh6IoXYAAAK
Method POST
Parameter sid
Attack
Evidence zf9bv1dtHDh6IoXYAAAK
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UsM&sid=ltqX-LrpW5-_vRePAAAM
Method POST
Parameter sid
Attack
Evidence ltqX-LrpW5-_vRePAAAM
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
Instances 27
Solution
For secure content, put the session ID in a cookie. To be even more secure, consider using a combination of cookie and URL rewrite.
Reference http://seclists.org/lists/webappsec/2002/Oct-Dec/0111.html
Tags OWASP_2021_A01
WSTG-v42-SESS-04
OWASP_2017_A03
CWE Id 200
WASC Id 13
Plugin Id 3
Low
Cross-Domain JavaScript Source File Inclusion
Description
The page includes one or more script files from a third-party domain.
URL http://localhost:3000
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 117 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 117 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 346 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 346 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 151 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 151 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/index
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 128 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/index
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 128 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 130 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 130 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 135 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 135 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 133 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 133 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 133 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 133 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 132 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.git/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 132 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.svn/entries
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 130 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.svn/entries
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 130 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.svn/wc.db
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 128 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/.svn/wc.db
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 128 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/sitemap.xml
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 129 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://localhost:3000/sitemap.xml
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 129 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
Instances 24
Solution
Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
Reference
Tags OWASP_2021_A08
CWE Id 829
WASC Id 15
Plugin Id 10017
Low
Private IP Disclosure
Description
A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.
URL http://localhost:3000/rest/admin/application-configuration
Method GET
Parameter
Attack
Evidence 192.168.99.100:3000
Request Header - size: 333 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 18,843 bytes.
Instances 1
Solution
Remove the private IP address from the HTTP response body. For comments, use JSP/ASP/PHP comments instead of HTML/JavaScript comments, which can be seen by client browsers.
Reference https://tools.ietf.org/html/rfc1918
Tags OWASP_2021_A01
OWASP_2017_A03
CWE Id 200
WASC Id 13
Plugin Id 2
Low
Timestamp Disclosure - Unix
Description
A Unix timestamp was disclosed by the application/web server.
URL http://localhost:3000/main.js
Method GET
Parameter
Attack
Evidence 1734944650
Request Header - size: 125 bytes.
Request Body - size: 0 bytes.
Response Header - size: 483 bytes.
Response Body - size: 399,748 bytes.
URL http://localhost:3000/rest/admin/application-configuration
Method GET
Parameter
Attack
Evidence 1969196030
Request Header - size: 333 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 18,843 bytes.
URL http://localhost:3000/rest/admin/application-configuration
Method GET
Parameter
Attack
Evidence 1970691216
Request Header - size: 333 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 18,843 bytes.
URL http://localhost:3000/rest/products/search?q=
Method GET
Parameter
Attack
Evidence 1969196030
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 12,895 bytes.
URL http://localhost:3000/rest/products/search?q=
Method GET
Parameter
Attack
Evidence 1970691216
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 12,895 bytes.
Instances 5
Solution
Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.
Reference http://projects.webappsec.org/w/page/13246936/Information%20Leakage
Tags OWASP_2021_A01
OWASP_2017_A03
CWE Id 200
WASC Id 13
Plugin Id 10096
Low
X-Content-Type-Options Header Missing
Description
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4RlK
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4RpH&sid=9ecwW0Eq3wTCvLrNAAAA
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 336 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 53 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4RqW&sid=9ecwW0Eq3wTCvLrNAAAA
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Sqj
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4SRA
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 332 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Stv&sid=gGwJsk6BFC7vI5ZOAAAE
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 336 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4SU5&sid=O16VfhM8Z6RvIAyXAAAC
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4SUa&sid=O16VfhM8Z6RvIAyXAAAC
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4SvO&sid=gGwJsk6BFC7vI5ZOAAAE
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4TGz
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4TK3&sid=6djhcW4StIW8JIqqAAAG
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 336 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4TLC&sid=6djhcW4StIW8JIqqAAAG
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4TnB
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Tqk&sid=DKMGzw9n11lbALczAAAI
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 336 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Trf&sid=DKMGzw9n11lbALczAAAI
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 336 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UIh
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UN3&sid=zf9bv1dtHDh6IoXYAAAK
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 336 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UO9&sid=zf9bv1dtHDh6IoXYAAAK
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UpN
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UsM.0&sid=ltqX-LrpW5-_vRePAAAM
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 338 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4RpG&sid=9ecwW0Eq3wTCvLrNAAAA
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Stu&sid=gGwJsk6BFC7vI5ZOAAAE
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4SU4&sid=O16VfhM8Z6RvIAyXAAAC
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 448 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4TK1&sid=6djhcW4StIW8JIqqAAAG
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4Tqi&sid=DKMGzw9n11lbALczAAAI
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UN1&sid=zf9bv1dtHDh6IoXYAAAK
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL4UsM&sid=ltqX-LrpW5-_vRePAAAM
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 427 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
Instances 27
Solution
Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
Reference http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
https://owasp.org/www-community/Security_Headers
Tags OWASP_2021_A05
OWASP_2017_A06
CWE Id 693
WASC Id 15
Plugin Id 10021